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CLAIMS 

What is claimed is: 

1 . A method for controlling user access to distributed resources on a data 
communications network, the method comprising: 

receiving a resource request, said request including a rights key credential, said 
rights key credential comprising: 
at least one key to provide access to a resource on said data communications 
network; and 

a resource identifier, said resource identifier comprising a resource server peer 
group ID and a randomized ID, said resource server peer group ID 
identifying a resource server peer group, said resource server peer group 
comprising at least one server that maintains a mapping between a 
randomized ID and said at least one key; and 
providing access to said resource using said at least one key. 

2. A method for controlling user access to distributed resources on a data 
communications network, the method comprising: 

receiving a resource request, said request including a rights key credential, said 
rights key credential comprising: 
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at least one key, each of said at least one key providing access to at least one 
resource on said data communications network, each of said at least one 
resource stored on a separate secure device; and 

a resource identifier, said resource identifier comprising a resource server peer 
group ID and a randomized ID, said resource server peer group ID 
identifying a resource server peer group, said resource server peer group 
comprising at least one server that maintains a mapping between a 
randomized ID and said at least one key; and 
providing access to said resource using said at least one key. 

3. A program storage device readable by a machine, embodying a program of 
instructions executable by the machine to perform a method for controlling user 
access to distributed resources on a data communications network, the method 
comprising: 

receiving a resource request, said request including a rights key credential, said 
rights key credential comprising: 
at least one key to provide access to a resource on said data communications 
network; and 

a resource identifier, said resource identifier comprising a resource server peer 
group ID and a randomized ID, said resource server peer group ID 
identifying a resource server peer group, said resource server peer group 
comprising at least one server that maintains a mapping between a 
randomized ID and said at least one key; and 
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providing access to said resource using said at least one key. 

4. A program storage device readable by a machine, embodying a program of 
instructions executable by the machine to perform a method for controlling user 
access to distributed resources on a data communications network, the method 
comprising: 

receiving a resource request, said request including a rights key credential, said 
rights key credential comprising: 
at least one key, each of said at least one key providing access to at least one 
resource on said data communications network, each of said at least one 
resource stored on a separate secure device; and 
a resource identifier, said resource identifier comprising a resource server peer 
group ID and a randomized ID, said resource server peer group ID 
identifying a resource server peer group, said resource server peer group 
comprising at least one server that maintains a mapping between a 
randomized ID and said at least one key; and 
providing access to said resource using said at least one key. 

5. An apparatus for controlling user access to distributed resources on a data 
communications network, the apparatus comprising: 

means for receiving a resource request, said request including a rights key credential, 
said rights key credential comprising: 
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at least one key to provide access to a resource on said data communications 
network; and 

a resource identifier, said resource identifier comprising a resource server peer 
group ID and a randomized ID, said resource server peer group ID 
identifying a resource server peer group, said resource server peer group 
comprising at least one server that maintains a mapping between a 
randomized ID and said at least one key; and 
means for providing access to said resource using said at least one key. 

6. An apparatus for controlling user access to distributed resources on a data 
communications network, the apparatus comprising: 

means for receiving a resource request, said request including a rights key credential, 
said rights key credential comprising: 
at least one key, each of said at least one key providing access to at least one 
resource on said data communications network, each of said at least one 
resource stored on a separate secure device; and 
a resource identifier, said resource identifier comprising a resource server peer 
group ID and a randomized ID, said resource server peer group ED 
identifying a resource server peer group, said resource server peer group 
comprising at least one server that maintains a mapping between a 
randomized ID and said at least one key; and 
means for providing access to said resource using said at least one key. 
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